A training program for security awareness will inspire and encourage everyone to practice secure computing because everyone - from management to end users - will understand that they have a vested interest in secure computing.

Certificates

Entrust Datacard is one of the most trusted brands in online security with one of the most respected client bases, empowering governments, enterprises and financial institutions in more than 5,000 organizations spanning 150 countries.

A training program for security awareness will inspire and encourage everyone to practice secure computing because everyone - from management to end users - will understand that they have a vested interest in secure computing.

Certificates

Entrust Datacard is one of the most trusted brands in online security with one of the most respected client bases, empowering governments, enterprises and financial institutions in more than 5,000 organizations spanning 150 countries.

Entrust Wildcard SSL

TLS/SSL Certificates

The difference between a Wildcard SSL certificate and other SSL/TLS certificates is that other certificates, which are issued to a single Fully Qualified Domain Name (FQDN), (e.g., www example.com), can only be used to secure the exact domain to which it has been issued. A Wildcard SSL certificate is issued to a “Common Name” *.example.com, and a Subject Alternative Name (SAN) allowing the certificate to be used for an unlimited number of subdomains across an unlimited number of servers. A single Wildcard SSL certificate secures one domain *.example.com, and unlimited subdomains www.example.com, buy.example.com, dev.example.com, mail.example.com, etc.

Entrust Wildcard SSL Certificates can also secure multiple Wildcard SANs. The SAN ensures that the Wildcard certificate works with or without a subdomain: *.example.com, *.example.net, *.sample.com, .examplesample.com.

The combination of flexibility and value gives system administrators the ability to easily add subdomains without the costs or tasks involved with deploying new certificates. Plus all Entrust Wildcard SSL certificates come with a website security bundle to find malware on your website and protect it from being blacklisted.

Our Wildcard offering is the only Wildcard certificate that can also support up to 250 Subject Alternative Names (SANs) allowing you to add other domain names and even unrelated Wildcard domains to one certificate.

The practice of using a single certificate, such as a Wildcard Certificate, to protect multiple servers has become more common because they’re more cost effective and provide an easier way to manage certificates. The flexibility of managing an unlimited number of subdomains to a single certificate is a nice advantage for system administrators who want to simplify SSL/TLS certificate management. However, there is a substantial risk to using Wildcard certificates without employing best practices that mitigate common vulnerabilities.

The fact that a single Wildcard certificate and its corresponding private key could be used on multiple servers, and can also be used with the appearance of legitimacy with either a fictitious or a fraudulent subdomain name leaves them open to vulnerabilities. Using a single Wildcard certificate to protect multiple servers requires exporting the key-pair from one machine and importing it into one or more other machines. This creates a security vulnerability because the private key now exists in multiple locations. Now the value of that one private key is much greater because it protects more resources. This practice ultimately bypasses controls for those subscribers who rely on the certificate approval procedure to monitor the authorization of new servers and new domains.

Eavesdrop: is where an attacker finds their way inside the network and gains the ability to intercept user traffic.

Impersonation: happens when an attacker impersonates a genuine resource within the domain. A victim is lured to a fraudulent resource in the certified domain through a phishing attack.

Properly managed Wildcard SSL certificates can provide increased flexibility for system administrators, but they do come with increased risk. Entrust recommends using proper safeguards when deploying Wildcard Certificates. Download the white paper for a more detailed analysis..